CVE-2026-5655
SDP Protocol Dissector Crash in Wireshark
Publication date: 2026-04-30
Last updated on: 2026-05-01
Assigner: GitLab Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wireshark | wireshark | From 4.6.0 (inc) to 4.6.4 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-5655 vulnerability in Wireshark is caused by a crash in the SDP (Session Description Protocol) dissector. This affects Wireshark versions 4.6.0 through 4.6.4. The crash can be triggered by processing a malformed packet sent over the network or by opening a malformed packet trace file. Specifically, the crash occurs due to an invalid memory access when the dissector encounters certain SDP fields with identical values, such as "a=control:trackID" in SIP INVITE and 200 OK packets.
This vulnerability leads to a denial of service condition by causing Wireshark to crash unexpectedly.
How can this vulnerability impact me? :
This vulnerability can impact users by causing Wireshark to crash when analyzing network traffic or opening capture files containing malformed SDP packets. This denial of service can interrupt network analysis, troubleshooting, or monitoring activities.
Since the crash is triggered by malformed packets or capture files, an attacker could potentially disrupt the use of Wireshark by sending crafted packets or providing malicious capture files.
There are no known exploits currently, but the risk remains until the affected versions are updated.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by identifying malformed SDP packets that cause the Wireshark SDP dissector to crash. Specifically, packets containing SIP INVITE and 200 OK messages with identical SDP "a=control:trackID" values can trigger the crash.
To detect this on your system, you can analyze network captures for SDP packets with identical "a=control:trackID" values in SIP INVITE and 200 OK packets.
While no specific commands are provided in the resources, using Wireshark filters to isolate SDP packets and inspecting the "a=control" attribute values in SIP messages can help identify potential triggers.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Wireshark to version 4.6.5 or later, where this vulnerability has been fixed.
Avoid opening malformed packet trace files that contain SDP packets with identical "a=control:trackID" values in SIP INVITE and 200 OK messages, as these can trigger the crash.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any impact of the CVE-2026-5655 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.